Text Encryption

How to use

1. 1Pick Encrypt or Decrypt at the top.
2. 2In Encrypt mode, paste or type the message you want to protect, enter a long passphrase, and pick base64 or hex output. Choose an iteration count (250,000 by default; 600,000 matches recent OWASP guidance).
3. 3Click Encrypt and copy the resulting envelope. It contains the salt, IV, ciphertext, and authentication tag in a single base64 or hex string.
4. 4To recover the message, open Decrypt, paste the envelope, enter the same passphrase, and use the same iteration count. The original text appears once the GCM tag is verified.
5. 5Share the passphrase and iteration count out of band (different channel, ideally face to face or by phone). Anyone with the envelope and the passphrase can decrypt the message.

About this tool

Text Encryption is a browser-only tool for protecting a piece of text with a passphrase using AES-256-GCM, the same authenticated encryption mode used by TLS 1.3 and most modern protocols. The Encrypt mode takes your plain text and a passphrase, generates a fresh random 16-byte salt and 12-byte IV with the browser CSPRNG, derives a 256-bit AES key using PBKDF2-HMAC-SHA-256 (default 250,000 iterations, with presets up to 1,000,000 for stronger offline-attack resistance), encrypts the text, and produces a single self-contained envelope laid out as salt then IV then ciphertext with the 16-byte GCM authentication tag. The envelope is shown as base64 (shorter, friendlier for email and chat) or hex (easier to inspect, drops cleanly into shell scripts), and a Copy button copies the whole string in one click. The Decrypt mode accepts the envelope plus the same passphrase and iteration count, parses the salt and IV out of the header, derives the same key, and verifies the GCM tag before returning any text. Wrong passphrase, mismatched iterations, or any tampering with the ciphertext all surface as a single decryption error so partial output never leaks. Useful for sending a one-off secret note over email or chat without setting up PGP, sharing API keys or temporary credentials with a teammate, encrypting a passage of personal notes before pasting it into a sync service, double-protecting recovery phrases or codes you keep in a password manager, or just verifying that your platform's crypto primitives behave the way you expect. Strength depends on the passphrase. A short or dictionary-based passphrase can be brute forced offline against the public envelope, even with high iteration counts. Pair this tool with the related Passphrase Generator (long random word lists) or Password Generator (high-entropy random strings) to build a passphrase that is hard to guess. Everything runs in window.crypto.subtle on your device. Plain text, passphrase, and ciphertext never leave the page and are not stored after the tab closes.

Free to use. Works in your browser. No signup, no login.